Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/07/10 08:25:29 UTC
svn commit: r554845 - /httpd/httpd/branches/2.0.x/STATUS
Author: rpluem
Date: Mon Jul 9 23:25:28 2007
New Revision: 554845
URL: http://svn.apache.org/viewvc?view=rev&rev=554845
Log:
* Summarize, vote and promote
Modified:
httpd/httpd/branches/2.0.x/STATUS
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?view=diff&rev=554845&r1=554844&r2=554845
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Mon Jul 9 23:25:28 2007
@@ -114,6 +114,24 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
+ *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+ mod_cache: Prevent segfault from Cache-Control headers with no
+ values
+ Trunk version of patch:
+ http://svn.apache.org/viewvc?view=rev&rev=535617
+ 2.0.x version of patch:
+ http://people.apache.org/~mjc/cve-2007-1863-2.0.patch
+ +1: mjc, rpluem, jorton
+
+ * SECURITY: CVE-2007-3304
+ scoreboard pid protection fixes -- the only fix for 2.0.x is
+ to ensure a valid positive pid is passed to apr_proc_wait();
+ the MPMs do not kill children directly as in 2.2.x.
+ trunk commit:
+ http://svn.apache.org/viewvc?view=rev&rev=551843
+ patch for 2.0.x:
+ http://people.apache.org/~jorton/httpd-2.0.x-CVE-2007-3304.patch
+ +1: jorton, jim, rpluem
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
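Review bot: the two entries added under PATCHES ACCEPTED are formatted differently. The CVE-2007-1863 entry starts with "*)" and carries "(cve.mitre.org)", while the CVE-2007-3304 entry starts with "*" and has no source tag. Use one marker and one label form for both so the accepted security backports can be found with a single search pattern when they are committed to the branch.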
@@ -146,28 +164,10 @@
http://svn.apache.org/viewvc?view=rev&rev=520733
+1: wrowe
- * SECURITY: CVE-2007-3304
- scoreboard pid protection fixes -- the only fix for 2.0.x is
- to ensure a valid positive pid is passed to apr_proc_wait();
- the MPMs do not kill children directly as in 2.2.x.
- trunk commit:
- http://svn.apache.org/viewvc?view=rev&rev=551843
- patch for 2.0.x:
- http://people.apache.org/~jorton/httpd-2.0.x-CVE-2007-3304.patch
- +1: jorton, jim
-
* SECURITY: CVE-2006-5752
mod_status XSS fix for broken browsers:
http://svn.apache.org/viewvc?view=rev&rev=549159
- +1: jorton
-
- * SECURITY: CVE-2007-1863
- mod_cache fix for handling Cache-Control attributes
- Trunk version of patch:
- http://svn.apache.org/viewvc?view=rev&rev=535617
- 2.0.x version of patch:
- http://people.apache.org/~mjc/cve-2007-1863-2.0.patch
- +1: jorton
+ +1: jorton, rpluem
PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON:
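Review bot: the CVE-2006-5752 entry left in the proposed list points only at a trunk revision (rev=549159), whereas both security entries removed from this section listed a separate 2.0.x patch. It now has two +1s (jorton, rpluem); before it is promoted, the entry should say whether the trunk revision applies to 2.0.x unchanged or link a branch-specific patch, so that voters know exactly what they are approving.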
@@ -323,15 +323,6 @@
looking at the headers. For that matter, why are subreq's even
propogating POST or other non-GET types? It seems that almost
any subreq should be handled as a GET in 2.0.
-
- *) SECURITY: CVE-2007-1863 (cve.mitre.org)
- mod_cache: Prevent segfault from Cache-Control headers with no
- values
- Trunk version of patch:
- http://svn.apache.org/viewvc?view=rev&rev=535617
- 2.0.x version of patch:
- http://people.apache.org/~mjc/cve-2007-1863-2.0.patch
- +1: mjc, rpluem
CURRENT VOTES:
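Review bot: the log message "Summarize, vote and promote" does not record that CVE-2007-1863 was listed twice in STATUS. The copy removed here carried "+1: mjc, rpluem" and the copy removed from the proposed list carried "+1: jorton"; the accepted entry's "+1: mjc, rpluem, jorton" is the union of the two. Mentioning the merge of the duplicate entries in the log would make the vote tally auditable from the commit history alone.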